146 matches found
GHSA-WRQC-Q8P5-76M5 Incorrect Authorization in Jenkins Gerrit Trigger Plugin
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins...
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
GHSA-4VF2-CM23-RF4C Incorrect Authorization in Jenkins Gerrit Trigger Plugin
An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to modify the Gerrit configuration in Jenkins...
Parameterized Trigger Plugin fails to check Item/Build permission
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. The plugin has been adapted to now check for Item/Build permission before triggering a...
GHSA-MC22-25R3-2W9W Parameterized Trigger Plugin fails to check Item/Build permission
Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. The plugin has been adapted to now check for Item/Build permission before triggering a...
GHSA-455J-8HG5-8576 Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of these vulnerabilities...
Jenkins Gerrit Trigger Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-29039
CVE-2022-29039 affects Jenkins Gerrit Trigger Plugin 2.35.2 and earlier. The vulnerability is a stored XSS caused by failing to escape the name/description of Base64 Encoded String parameters on parameter views, exploitable by users with Item/Configure permission. Connected documents confirm the ...
CVE-2022-29039
Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the name and description of Base64 Encoded String parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
Jenkins Gerrit Trigger Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
PT-2022-19378 · Jenkins · Jenkins Gerrit Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gerrit Trigger Plugin versions 2.35.2 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which can be exploited by attackers with Item/Configure permission. This occurs because the plugin do...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
Jenkins Parameterized Trigger Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. These values are stored and can be viewed by an attacker with access to the...
GHSA-5MPF-HW8F-86W9 Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their build.xml files. These values are stored unencrypted and can be viewed by users with access to...
CVE-2022-27195
CVE-2022-27195 affects Jenkins Parameterized Trigger Plugin (versions 2.43 and earlier). The vulnerability arises from the plugin capturing environment variables passed to builds triggered by the plugin, including password parameter values, and storing them unencrypted in build.xml files. These s...